Re: Access Rule for OutLook mail from Exernal ISP

I tried your suggestion by starting a query it indicated the following
information:

Client IP =123.56.78.910
Destination IP = 21.217.9.25
Destination Port = 53
Protocol = DNS
Action = Denied Connection
Rule = [Enterprise] Default rule
Result Code = 0xc004000dFWX_E_POLICY_RULES_DENIED

It does appear the my e-mail is being blocked by the information above. But
I don't understand why? From my reading the Default Enterprise rule can not
be changed. So how do I reslove this issues? Why is DNS an issue here.
I've created other rules regarding surfing the internet for a restricted set
of users and did not have any problems.

Can you tell me what must be done to get my e-mail working? I would also
like for you to point me in a direction where I can better understand the
solution to my problem.

Thanks




"Phillip Windell" wrote:

> "Larry Bird" <LarryBird@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:9C9CEE0F-8B89-4589-8D8D-B3CF1C583C57@xxxxxxxxxxxxxxxx
> > To try and make things work, I created to user defined protocols for SMTP
> and
> > POP3. Creating these User-Defined protocols then allowed me to define the
> > direction and port. For SMTP I used 25 for POP3 I used 110. Neither made
> > any difference.
>
> Correct. You use the ones that are there,..you don't create anything for
> something this simple when they already exist anyway. The "directions" are
> already correct on the ones that already exist. Make sure you use the ones
> labled "SMTP" and "POP3",...do *not* use "SMTP Server" or "POP3 Server".
> If the connection is SSL based you can also add "SMTPS" and "POP3S",..but I
> would be really really surprised if that what is being done.
>
> Two things I can think of:
>
> 1. Go to the Networks Object in the ISA MMC. Select the Internal Network
> Definition. Right-click on it and pick properties,...Select the Firewall
> Client Tab. Make sure it is enabled and the ISA Server name shows. In the
> one in my test lab I have everything checked and the Radio Button is set to
> "Use Default URL"
>
> 2. Go to the Monitoring Object in the ISA MMC. Select the Logging Tab.
> Select "Start Query". While that is running, try one of the SMTP/POP3
> Clients. The Log Monitor will tell you if something is being denied. It
> will tell you which Rule is doing the deny and which Protocol is being
> attempted and will show both the Client and Destination IP#.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
>
>
>
>
>
>
.